Show More
@@ -103,6 +103,13 b' class validator(object):' | |||||
103 | host = self.host |
|
103 | host = self.host | |
104 | cacerts = self.ui.config('web', 'cacerts') |
|
104 | cacerts = self.ui.config('web', 'cacerts') | |
105 | hostfingerprint = self.ui.config('hostfingerprints', host) |
|
105 | hostfingerprint = self.ui.config('hostfingerprints', host) | |
|
106 | if not getattr(sock, 'getpeercert', False): # python 2.5 ? | |||
|
107 | if hostfingerprint: | |||
|
108 | raise util.Abort(_("host fingerprint for %s can't be " | |||
|
109 | "verified (Python too old)") % host) | |||
|
110 | self.ui.warn(_("warning: certificate for %s can't be verified " | |||
|
111 | "(Python too old)\n") % host) | |||
|
112 | return | |||
106 | if cacerts and not hostfingerprint: |
|
113 | if cacerts and not hostfingerprint: | |
107 | msg = _verifycert(sock.getpeercert(), host) |
|
114 | msg = _verifycert(sock.getpeercert(), host) | |
108 | if msg: |
|
115 | if msg: | |
@@ -111,28 +118,21 b' class validator(object):' | |||||
111 | 'insecurely)') % (host, msg)) |
|
118 | 'insecurely)') % (host, msg)) | |
112 | self.ui.debug('%s certificate successfully verified\n' % host) |
|
119 | self.ui.debug('%s certificate successfully verified\n' % host) | |
113 | else: |
|
120 | else: | |
114 |
|
|
121 | peercert = sock.getpeercert(True) | |
115 |
|
|
122 | peerfingerprint = util.sha1(peercert).hexdigest() | |
116 | peerfingerprint = util.sha1(peercert).hexdigest() |
|
123 | nicefingerprint = ":".join([peerfingerprint[x:x + 2] | |
117 |
|
|
124 | for x in xrange(0, len(peerfingerprint), 2)]) | |
118 | for x in xrange(0, len(peerfingerprint), 2)]) |
|
125 | if hostfingerprint: | |
119 |
if |
|
126 | if peerfingerprint.lower() != \ | |
120 |
|
|
127 | hostfingerprint.replace(':', '').lower(): | |
121 | hostfingerprint.replace(':', '').lower(): |
|
128 | raise util.Abort(_('invalid certificate for %s ' | |
122 | raise util.Abort(_('invalid certificate for %s ' |
|
129 | 'with fingerprint %s') % | |
123 |
|
|
130 | (host, nicefingerprint)) | |
124 | (host, nicefingerprint)) |
|
131 | self.ui.debug('%s certificate matched fingerprint %s\n' % | |
125 | self.ui.debug('%s certificate matched fingerprint %s\n' % |
|
132 | (host, nicefingerprint)) | |
126 | (host, nicefingerprint)) |
|
133 | else: | |
127 | else: |
|
134 | self.ui.warn(_('warning: %s certificate ' | |
128 | self.ui.warn(_('warning: %s certificate ' |
|
135 | 'with fingerprint %s not verified ' | |
129 |
|
|
136 | '(check hostfingerprints or web.cacerts ' | |
130 |
|
|
137 | 'config setting)\n') % | |
131 |
|
|
138 | (host, nicefingerprint)) | |
132 | (host, nicefingerprint)) |
|
|||
133 | else: # python 2.5 ? |
|
|||
134 | if hostfingerprint: |
|
|||
135 | raise util.Abort(_("host fingerprint for %s can't be " |
|
|||
136 | "verified (Python too old)") % host) |
|
|||
137 | self.ui.warn(_("warning: certificate for %s can't be " |
|
|||
138 | "verified (Python too old)\n") % host) |
|
General Comments 0
You need to be logged in to leave comments.
Login now